公开(公告)号：US10547614B2

公开(公告)日：2020-01-28

申请号：US15474285

申请日：2017-03-30

Applicant: Juniper Networks, Inc.

Inventor： John Gibbons ,  Paul Raison ,  Sunil Madhaorao Gandhewar

IPC: H04L29/06 ,  H04W12/08

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

公开(公告)号：US12003481B1

公开(公告)日：2024-06-04

申请号：US18363130

申请日：2023-08-01

Applicant: Juniper Networks, Inc.

Inventor： Paul Raison ,  Jonathan Azevedo ,  Steven P. Onishi ,  Linda M. Cabeca ,  Michael D. Carr

IPC: H04L61/5061 ,  H04L61/5007

CPC classification number: H04L61/5061 ,  H04L61/5007

Abstract: A first device may establish a connection with a second device, and may provide a connection check RPC message to the second device. The first device may receive a verification RPC message from the second device, and may provide, to the second device, a sync domains RPC request that includes a first list of active domains with associated address pools. The first device may receive, from the second device, a sync domains RPC response that includes threshold values for the active domains included in the first list of active domains, and may provide, to the second device, a sync pools RPC request that includes a first list of address pools associated with the active domains. The first device may receive, from the second device, a sync pools RPC response that includes confirmation of the first list of address pools, and may allocate addresses of an address pool to a CPE.

公开(公告)号：US11558382B2

公开(公告)日：2023-01-17

申请号：US17302308

申请日：2021-04-29

Applicant: Juniper Networks, Inc.

Inventor： John Gibbons ,  Paul Raison ,  Sunil Madhaorao Gandhewar

IPC: H04L29/06 ,  H04L9/40 ,  H04W12/08 ,  H04L47/10

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

公开(公告)号：US20210250352A1

公开(公告)日：2021-08-12

申请号：US17302308

申请日：2021-04-29

Applicant: Juniper Networks, Inc.

Inventor： John Gibbons ,  Paul Raison ,  Sunil Madhaorao Gandhewar

IPC: H04L29/06 ,  H04W12/08

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

公开(公告)号：US20180288048A1

公开(公告)日：2018-10-04

申请号：US15474285

申请日：2017-03-30

Applicant: Juniper Networks, Inc.

Inventor： John Gibbons ,  Paul Raison ,  Sunil Madhaorao Gandhewar

IPC: H04L29/06 ,  H04W12/08

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

公开(公告)号：US11757833B2

公开(公告)日：2023-09-12

申请号：US17449320

申请日：2021-09-29

Applicant: Juniper Networks, Inc.

Inventor： Paul Raison ,  Jonathan Azevedo ,  Steven P. Onishi ,  Linda M. Cabeca ,  Michael D. Carr

IPC: H04L61/5061 ,  H04L61/5007

CPC classification number: H04L61/5061 ,  H04L61/5007

Abstract: A first device may establish a connection with a second device, and may provide a connection check RPC message to the second device. The first device may receive a verification RPC message from the second device, and may provide, to the second device, a sync domains RPC request that includes a first list of active domains with associated address pools. The first device may receive, from the second device, a sync domains RPC response that includes threshold values for the active domains included in the first list of active domains, and may provide, to the second device, a sync pools RPC request that includes a first list of address pools associated with the active domains. The first device may receive, from the second device, a sync pools RPC response that includes confirmation of the first list of address pools, and may allocate addresses of an address pool to a CPE.

公开(公告)号：US10999280B2

公开(公告)日：2021-05-04

申请号：US16748708

申请日：2020-01-21

Applicant: Juniper Networks, Inc.

Inventor： John Gibbons ,  Paul Raison ,  Sunil Madhaorao Gandhewar

IPC: H04L29/06 ,  H04W12/08 ,  H04L12/801

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

公开(公告)号：US20200162460A1

公开(公告)日：2020-05-21

申请号：US16748708

申请日：2020-01-21

Applicant: Juniper Networks, Inc.

Inventor： John Gibbons ,  Paul Raison ,  Sunil Madhaorao Gandhewar

IPC: H04L29/06 ,  H04W12/08

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

公开(公告)号：US10020986B1

公开(公告)日：2018-07-10

申请号：US15012401

申请日：2016-02-01

Applicant: Juniper Networks, Inc.

Inventor： Aleksey Romanov ,  Paul Raison

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/08 ,  H04L29/06 ,  H04L29/12

CPC classification number: H04L41/0672 ,  H04L29/12509 ,  H04L61/203 ,  H04L61/2517 ,  H04L61/2567 ,  H04L63/08 ,  H04L63/0892 ,  H04L67/1008 ,  H04L67/142 ,  H04L67/145 ,  H04W4/50

Abstract: An example network access device (NAD) includes a network interface to send and receive packets with an authentication, authorization, and accounting (AAA) server, and a subscriber management service unit (SMSU). The SMSU is configured to, responsive to determining that the AAA server is not reachable by the NAD, send a message from the NAD to the AAA server using the network interface, wherein the message directs the AAA server to send a discovery request message to the NAD, receive the discovery request message from the AAA server using the network interface, wherein the discovery request message includes a request for information about a plurality of subscriber sessions, and generate a discovery response message that includes information about at least a portion of the plurality of subscriber sessions, and send the discovery response message to the network access device using the network interface.

公开(公告)号：US09553861B1

公开(公告)日：2017-01-24

申请号：US14229781

申请日：2014-03-28

Applicant: Juniper Networks, Inc.

Inventor： Ivica D. Bogdanovic ,  Jerome Moisand ,  Paul Raison ,  Kenneth E. Culbert

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/102

Abstract: A computer-implemented method for managing access to services provided by wireline service providers may include (1) receiving at least one request from a subscriber device to authorize access to at least one service, (2) authenticating the subscriber device with an access gateway of a wireline service provider based at least in part on the request, (3) generating a unique session identifier that uniquely identifies the subscriber device during a service-access session, (4) delivering the unique session identifier to a management server of the wireline service provider to enable the management server to authenticate the subscriber device with at least one network device that provides the service based at least in part on the unique session identifier, and then (5) facilitating access by the subscriber device to the service provided by the network device during the service-access session. Various other systems, methods, and computer-readable media are also disclosed.

Abstract translation: 用于管理对由有线服务提供商提供的服务的访问的计算机实现的方法可以包括（1）从订户设备接收至少一个请求以授权对至少一个服务的访问，（2）使用接入网关 至少部分地基于所述请求，（3）生成在服务访问会话期间唯一地识别所述订户设备的唯一会话标识符，（4）将所述唯一会话标识符传递到所述有线服务的管理服务器的有线服务提供商 提供商使得管理服务器能够至少使用至少一个网络设备来认证用户设备，所述至少一个网络设备至少部分地基于唯一会话标识符提供服务，然后（5）促进用户设备访问由网络提供的服务 服务访问会话期间的设备。 还公开了各种其它系统，方法和计算机可读介质。